61a22368ce3315240a83f35302c3c8d29f96e358a25979fb664b74271152af8a

Sharing

Copy URL Twitter E-mail

General

Target

61a22368ce3315240a83f35302c3c8d29f96e358a25979fb664b74271152af8a
Size

14.5MB
MD5

367dca8f5d8ab983a034426cc58a3b4b
SHA1

27c4b77007f16c6562412e8efc97ee738345ac59
SHA256

61a22368ce3315240a83f35302c3c8d29f96e358a25979fb664b74271152af8a
SHA512

a0d844cc86e21711242019cbc6d03124a2f1126ce2bf06cd26a5355aa148f455d6aba51a6b303288b60057cd5369971315468873a3f398722456c63558977f39
SSDEEP

196608:0Y/nC1v5dZ2fRYPGEkA5+YealjJ/VtJsv6tWKFdu9CDbFd1:0+nQ0RYP95TljJ/VtJsv6tWKFdu9CtD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61a22368ce3315240a83f35302c3c8d29f96e358a25979fb664b74271152af8a

Files

61a22368ce3315240a83f35302c3c8d29f96e358a25979fb664b74271152af8a
.exe windows:5 windows x86 arch:x86

0680391f4d67086c8644e08bff5024ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoTaskMemAlloc
CoGetMalloc
ReleaseStgMedium
CoTaskMemFree
DoDragDrop
CoCreateInstance
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
OleSetClipboard
CoUninitialize
StringFromGUID2
CoCreateGuid
CoInitialize
OleUninitialize
OleInitialize
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal

imm32

ImmAssociateContext
ImmGetVirtualKey
ImmSetCandidateWindow
ImmGetDefaultIMEWnd
ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext
ImmGetCompositionStringW
ImmNotifyIME

winmm

PlaySoundW

oleaut32

SystemTimeToVariantTime
VariantChangeType
VariantInit
SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
SHGetFileInfoW
SHGetSpecialFolderPathW
CommandLineToArgvW
Shell_NotifyIconW

gdi32

GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetObjectW
GetTextFaceW
ChoosePixelFormat
DescribePixelFormat
GetPixelFormat
SetPixelFormat
SwapBuffers
CreateDIBSection
GdiFlush
GetBitmapBits
GetFontData
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
CreateFontIndirectW
EnumFontFamiliesExW
CreateBitmap
CreateRectRgn
CombineRgn
BitBlt
SelectObject
DeleteDC
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
SelectClipRgn
GetCharABCWidthsW
OffsetRgn
GetDIBits
CreateDCW
GetRegionData

ws2_32

freeaddrinfo
getaddrinfo
WSASocketW
WSASend
WSARecv
WSAIoctl
WSAGetLastError
WSASetLastError
shutdown
setsockopt
select
listen
htonl
recv
getsockname
getpeername
ioctlsocket
connect
closesocket
bind
accept
__WSAFDIsSet
WSACleanup
WSAStartup
WSAAsyncSelect
gethostname
WSASendTo
WSARecvFrom
getsockopt
WSANtohl
WSAHtonl
WSAConnect
WSAAccept
htons
gethostbyname
gethostbyaddr
ntohl
inet_addr
WSANtohs
send

advapi32

OpenProcessToken
AddAccessAllowedAce
AllocateAndInitializeSid
FreeSid
GetLengthSid
GetTokenInformation
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
CopySid
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegQueryInfoKeyW
RegSetValueExW
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashA
CryptEnumProvidersA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
DeregisterEventSource
RegisterEventSourceA
ReportEventA

user32

GetDoubleClickTime
GetCaretBlinkTime
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
RealGetWindowClassW
EnumWindows
GetWindowTextW
GetMessageExtraInfo
TrackMouseEvent
GetCursorInfo
GetIconInfo
CreateIconIndirect
CreateCursor
LoadCursorW
GetCursor
MessageBoxW
DrawIconEx
TranslateMessage
DispatchMessageW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
PostThreadMessageW
CharNextExA
SetCursorPos
GetClipboardFormatNameW
RegisterClassW
NotifyWinEvent
SetMenuItemInfoW
TrackPopupMenuEx
GetMenu
MapVirtualKeyW
ToUnicode
ToAscii
GetKeyboardState
GetKeyState
IsZoomed
PeekMessageW
SetCaretPos
HideCaret
DestroyCaret
CreateCaret
RegisterWindowMessageW
GetKeyboardLayout
GetAsyncKeyState
RegisterClipboardFormatW
GetWindowThreadProcessId
ChangeClipboardChain
SetClipboardViewer
LoadIconW
GetSysColor
EnumDisplayMonitors
GetMonitorInfoW
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
GetCursorPos
GetClientRect
GetFocus
RegisterClassExW
GetClassInfoW
UnregisterClassW
GetKeyboardLayoutList
GetAncestor
DestroyIcon
DestroyCursor
SetParent
GetParent
GetDesktopWindow
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
SetCursor
AdjustWindowRectEx
GetWindowRect
SetWindowTextW
InvalidateRect
SetWindowRgn
GetUpdateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
SetForegroundWindow
GetForegroundWindow
EnableMenuItem
GetSystemMenu
GetSystemMetrics
ReleaseCapture
SetCapture
GetCapture
SetFocus
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindowEx
ShowWindow
DestroyWindow
IsChild
CreateWindowExW
DefWindowProcW
PostMessageW
SendMessageW
MessageBeep
SystemParametersInfoW

kernel32

GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
DecodePointer
EncodePointer
GetUserGeoID
GetGeoInfoW
GetTimeZoneInformation
FindNextFileW
FindFirstFileExW
FindNextChangeNotification
FindFirstChangeNotificationW
FindCloseChangeNotification
MoveFileExW
SetFilePointerEx
GetExitCodeProcess
TerminateProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
MoveFileW
CopyFileW
RemoveDirectoryW
GetLogicalDrives
GetFileInformationByHandle
FindFirstFileW
FindClose
CreateDirectoryW
GetCurrentDirectoryW
GetModuleFileNameW
GetStartupInfoW
WriteFileEx
CancelIo
PeekNamedPipe
ReadFileEx
LCMapStringW
QueryPerformanceFrequency
ResumeThread
SetThreadPriority
CreateThread
SwitchToThread
DuplicateHandle
GetUserDefaultUILanguage
GetCurrencyFormatW
GetTimeFormatW
GetDateFormatW
GetThreadPriority
GetCurrentThread
GetSystemDirectoryW
InterlockedPopEntrySList
GetCommandLineW
GetUserDefaultLCID
CompareStringW
SetHandleInformation
ResetEvent
GetOverlappedResult
CreateNamedPipeW
ConnectNamedPipe
WaitNamedPipeW
DisconnectNamedPipe
ExitProcess
GetConsoleWindow
lstrcmpW
GetDriveTypeW
GetLongPathNameW
GetVolumeInformationW
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RaiseException
RtlUnwind
ExitThread
GetModuleHandleExW
SetConsoleCtrlHandler
GetCommandLineA
SetFileAttributesW
SetStdHandle
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetModuleFileNameA
GetACP
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLastError
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
FlushFileBuffers
IsProcessorFeaturePresent
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
GetFileSize
LockFileEx
LocalFree
CreateFileMappingA
GetProcAddress
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
CloseHandle
HeapReAlloc
DeleteFileW
DeleteFileA
GetVersionExA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
Sleep
HeapSize
HeapValidate
UnmapViewOfFile
GetVersionExW
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
InterlockedCompareExchange
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
GetCurrentThreadId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentProcess
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
PostQueuedCompletionStatus
TlsAlloc
VerSetConditionMask
TerminateThread
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
QueueUserAPC
InitializeCriticalSectionAndSpinCount
SetEvent
WaitForMultipleObjects
TlsGetValue
TlsSetValue
SleepEx
CreateEventW
CreateWaitableTimerW
SetWaitableTimer
VerifyVersionInfoW
GetModuleHandleW
IsValidLanguageGroup
IsValidLocale
SetErrorMode
ExpandEnvironmentStringsW
CreateProcessW
GetUserDefaultLangID
CheckRemoteDebuggerPresent
OpenProcess
GlobalAlloc
GlobalLock
GlobalUnlock
GetLocaleInfoW
GlobalSize
DeviceIoControl
GetStdHandle
GetFileType
GetModuleHandleA
IsDebuggerPresent
InitializeSListHead
EnumSystemLocalesW
IsValidCodePage
GetOEMCP
SetEnvironmentVariableA
WriteConsoleW
FindFirstFileExA
FindNextFileA
GlobalMemoryStatus
FlushConsoleInputBuffer
ReleaseMutex
ReadConsoleInputA
CreateTimerQueue
SignalObjectAndWait
GetTickCount
GetLogicalProcessorInformation
SetConsoleMode
GetLocalTime
TlsFree

opengl32

glIsEnabled
glIsTexture
glLineWidth
glPixelStorei
glPolygonOffset
glReadPixels
glScissor
glStencilFunc
glStencilMask
glStencilOp
glTexImage2D
glTexParameterf
glHint
glTexParameteri
glTexParameteriv
glTexSubImage2D
glViewport
glGetTexParameteriv
glGetTexParameterfv
glGetString
glEnable
glDrawElements
glDrawArrays
glDisable
glDepthRange
glDepthMask
glDepthFunc
glGetIntegerv
glGetFloatv
glGetError
glGetBooleanv
glGenTextures
glFrontFace
glFlush
glTexParameterfv
glBindTexture
glBlendFunc
glClear
glClearColor
glClearDepth
glClearStencil
glDeleteTextures
glCullFace
glCopyTexSubImage2D
glCopyTexImage2D
glColorMask
glFinish

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo

crypt32

CertCreateCertificateContext
CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertFreeCertificateContext

Sections

.text
Size: 9.2MB - Virtual size: 9.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 178KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 334KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0680391f4d67086c8644e08bff5024ca

Headers

DLL Characteristics

File Characteristics

Imports

ole32

imm32

winmm

oleaut32

shell32

gdi32

ws2_32

advapi32

user32

kernel32

opengl32

iphlpapi

crypt32

Sections

.text Size: 9.2MB - Virtual size: 9.2MB

.rdata Size: 4.8MB - Virtual size: 4.8MB

.data Size: 178KB - Virtual size: 239KB

.qtmetad Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 13B

.gfids Size: 3KB - Virtual size: 2KB

_RDATA Size: 1024B - Virtual size: 560B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 334KB - Virtual size: 333KB

.text
Size: 9.2MB - Virtual size: 9.2MB

.rdata
Size: 4.8MB - Virtual size: 4.8MB

.data
Size: 178KB - Virtual size: 239KB

.qtmetad
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 13B

.gfids
Size: 3KB - Virtual size: 2KB

_RDATA
Size: 1024B - Virtual size: 560B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 334KB - Virtual size: 333KB